Tavi 082bc48c32
16.0: Import and verify picks
https://review.lineageos.org/q/topic:P_asb_2022-05
https://review.lineageos.org/q/topic:P_asb_2022-06
https://review.lineageos.org/q/topic:P_asb_2022-07
https://review.lineageos.org/q/topic:P_asb_2022-08
https://review.lineageos.org/q/topic:P_asb_2022-09
https://review.lineageos.org/q/topic:P_asb_2022-10
https://review.lineageos.org/q/topic:P_asb_2022-11
https://review.lineageos.org/q/topic:P_asb_2022-12
https://review.lineageos.org/q/topic:P_asb_2023-01
https://review.lineageos.org/q/topic:P_asb_2023-02
https://review.lineageos.org/q/topic:P_asb_2023-03
https://review.lineageos.org/q/topic:P_asb_2023-04
https://review.lineageos.org/q/topic:P_asb_2023-05
https://review.lineageos.org/q/topic:P_asb_2023-06
https://review.lineageos.org/q/topic:P_asb_2023-07
	accounted for via manifest change:
	https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250
https://review.lineageos.org/q/topic:P_asb_2023-08
	accounted for via manifest change:
	https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606
	accounted for via patches:
	https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328
https://review.lineageos.org/q/topic:P_asb_2023-09
https://review.lineageos.org/q/topic:P_asb_2023-10
https://review.lineageos.org/q/topic:P_asb_2023-11
	accounted for via patches:
	https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916
https://review.lineageos.org/q/topic:P_asb_2023-12
https://review.lineageos.org/q/topic:P_asb_2024-01
https://review.lineageos.org/q/topic:P_asb_2024-02
https://review.lineageos.org/q/topic:P_asb_2024-03
https://review.lineageos.org/q/topic:P_asb_2024-04

Signed-off-by: Tavi <tavi@divested.dev>
2024-05-07 19:43:19 -04:00

44 lines
1.7 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Keith Mok <keithmok@google.com>
Date: Thu, 29 Sep 2022 22:34:05 +0000
Subject: [PATCH] Fix OOB crash for registerLocaleList
When the buffer size is equal to string size,
the func in icu just return warning U_STRING_NOT_TERMINATED_WARNING
which is a negative number, and U_FAILURE would fail if error number
greater than zero only.
This would cause non null terminated string passing into following funcs
and causing different types of crash
This fixes the previous partial fix.
Bug: 248612953
Bug: 239210579
Bug: 249151446
Bug: 239267173
Test: locale_fuzzer
Ignore-AOSP-First: security
Merged-In: I651d1ff64d06b4c30e18ee69772f52a60aa5ff7a
Change-Id: I651d1ff64d06b4c30e18ee69772f52a60aa5ff7a
(cherry picked from commit 582927b0d6c6920ee6a04049eaa9e68608cfc888)
(cherry picked from commit a8265407660edaa1006545a6401d6409c05acb5d)
Merged-In: I651d1ff64d06b4c30e18ee69772f52a60aa5ff7a
---
libs/minikin/LocaleListCache.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/minikin/LocaleListCache.cpp b/libs/minikin/LocaleListCache.cpp
index 5bd869e..ec47145 100644
--- a/libs/minikin/LocaleListCache.cpp
+++ b/libs/minikin/LocaleListCache.cpp
@@ -59,7 +59,7 @@ static size_t toLanguageTag(char* output, size_t outSize, const StringPiece& loc
char likelyChars[ULOC_FULLNAME_CAPACITY];
uErr = U_ZERO_ERROR;
uloc_addLikelySubtags(output, likelyChars, ULOC_FULLNAME_CAPACITY, &uErr);
- if (U_FAILURE(uErr)) {
+ if (U_FAILURE(uErr) || (uErr == U_STRING_NOT_TERMINATED_WARNING)) {
// unable to build a proper locale identifier
ALOGD("uloc_addLikelySubtags(\"%s\") failed: %s", output, u_errorName(uErr));
output[0] = '\0';